Open tsujp opened 2 years ago
Hi,
Thanks for raising this. Yes, Tessera uses the RSA algorithm by default when loading the certificates.
Originally, at the beginning, the SSL config was made mainly to accommodate certs being stored in Java keystore format, and I'm not sure if Ed25519 was supported by older versions of Java at the time.
We'll see if this can be made configurable and will keep you updated.
I have been playing around with configuring Tessera for TLS and through my experiments I cannot see it supporting anything other than RSA x509 certificates. This is less than ideal because RSA has huge key lengths (which become a problem when automation is involved due to character length limits) when compared to, say, ED25519 or P256-1 keys.
I've included the Bash script I made when doing the testing, followed by the Tessera configuration. When using ED25519 I get errors about the signing algorithm, and similarly with P256-1.
Bash script self-signed x509 certificates
Tessera P2P configuration for the above x509 certificates